>>>>> "Alan" == Alan Buxey <[log in to unmask]> writes:

    Alan> Hi,
    >> 1) Freeradius should not require a shared secret for TLS
    >> connections

    Alan> oh but it has to - as part of the RADIUS over TLS
    Alan> specification the underlying RADIUS part isn't changed...and a
    Alan> shared secret needs to be present - so the default of 'radsec'
    Alan> is used - RFC 6614 - OSC updated their default too (to
    Alan> 'radsec') with version 4.11 of RADIATOR - so if we want cross
    Alan> RADIUS interoperability we want to stay in spec

To clarify, when reading a config file if the client or listener is set
to tls protocol, and no secret is specified, the config structure should
be populated with the default secret from the RFC.
Today it forces you to stick a secret in the config file.